Merge pull request #96 from rwhitworth/rwhitworth-SECURITY.md-CVE-202…

…1-35043 add CVE-2021-35043 to SECURITY.md
nahsra · Aug 4, 2021 · 5f8c9ef · 5f8c9ef
2 parents cb1ea9c + 01ee9a2
commit 5f8c9ef
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -30,3 +30,4 @@ These are the known CVEs reported for AntiSamy:
 
 * AntiSamy CVE #1 - CVE-2016-10006: XSS Bypass in AntiSamy before v1.5.5 - https://www.cvedetails.com/cve/CVE-2016-10006
 * AntiSamy CVE #2 - CVE-2017-14735: XSS via HTML5 Entities in AntiSamy before v1.5.7 - https://www.cvedetails.com/cve/CVE-2017-14735
+* AntiSamy CVE #3 - CVE-2021-35043: XSS via HTML attributes using &#00058 as replacement for : character before v1.6.4 - https://www.cvedetails.com/cve/CVE-2021-35043